Package : libidn Version : 1.25-2+deb7u1 CVE ID : CVE-2015-2059
It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
For Debian 7 "Wheezy", these problems have been fixed in version 1.25-2+deb7u1.
We recommend that you upgrade your libidn packages.
Brian May <email@example.com>